diff options
author | Kenny Root <kroot@google.com> | 2015-07-24 18:56:05 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2015-07-24 18:56:05 +0000 |
commit | 07f4f42347557420f105a72d9a93bc8ee88a3dc5 (patch) | |
tree | 4d210b442e8e6742e9b0ff9dca4fc158c1a6a03e /src/ssl/ssl_lib.c | |
parent | 71a0705e8fc5c39ca5b1daa512ef90c37246a76f (diff) | |
parent | bd9957e6e28506c4431ce8d3cadbc0a04905b15e (diff) | |
download | external_boringssl-07f4f42347557420f105a72d9a93bc8ee88a3dc5.zip external_boringssl-07f4f42347557420f105a72d9a93bc8ee88a3dc5.tar.gz external_boringssl-07f4f42347557420f105a72d9a93bc8ee88a3dc5.tar.bz2 |
Merge changes Icdc56a50,I63d5dc28,Ia7d0c5d8,I47406533
* changes:
Handle RDRAND failures.
dsa_pub_encode: Write out DSA parameters (p, q, g) in addition to key.
Fix for CVE-2015-1789.
Fixes for CVE-2015-1791.
Diffstat (limited to 'src/ssl/ssl_lib.c')
-rw-r--r-- | src/ssl/ssl_lib.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/src/ssl/ssl_lib.c b/src/ssl/ssl_lib.c index e95226f..9e1e308 100644 --- a/src/ssl/ssl_lib.c +++ b/src/ssl/ssl_lib.c @@ -1975,8 +1975,16 @@ void ssl_update_cache(SSL *s, int mode) { return; } + int has_new_session = !s->hit; + if (!s->server && s->tlsext_ticket_expected) { + /* A client may see new sessions on abbreviated handshakes if the server + * decides to renew the ticket. Once the handshake is completed, it should + * be inserted into the cache. */ + has_new_session = 1; + } + SSL_CTX *ctx = s->initial_ctx; - if ((ctx->session_cache_mode & mode) == mode && !s->hit && + if ((ctx->session_cache_mode & mode) == mode && has_new_session && ((ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE) || SSL_CTX_add_session(ctx, s->session)) && ctx->new_session_cb != NULL) { @@ -2960,6 +2968,10 @@ err: return 0; } +int SSL_initial_handshake_complete(const SSL *ssl) { + return ssl->s3->initial_handshake_complete; +} + int SSL_CTX_sess_connect(const SSL_CTX *ctx) { return 0; } int SSL_CTX_sess_connect_good(const SSL_CTX *ctx) { return 0; } int SSL_CTX_sess_connect_renegotiate(const SSL_CTX *ctx) { return 0; } |